{"id":185227,"date":"2010-08-06T00:00:00","date_gmt":"2010-09-08T07:49:55","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/msr-research-item\/virtual-machine-reset-vulnerabilities-and-hedged-cryptography-subspace-lwe-cryptography-against-continuous-memory-attacks\/"},"modified":"2016-08-22T11:27:46","modified_gmt":"2016-08-22T18:27:46","slug":"virtual-machine-reset-vulnerabilities-and-hedged-cryptography-subspace-lwe-cryptography-against-continuous-memory-attacks","status":"publish","type":"msr-video","link":"https:\/\/www.microsoft.com\/en-us\/research\/video\/virtual-machine-reset-vulnerabilities-and-hedged-cryptography-subspace-lwe-cryptography-against-continuous-memory-attacks\/","title":{"rendered":"Virtual Machine Reset Vulnerabilities and Hedged Cryptography; Subspace LWE; Cryptography Against Continuous Memory Attacks"},"content":{"rendered":"<div class=\"asset-content\">\n<p>Virtual Machine Reset Vulnerabilities and Hedged Cryptography<\/p>\n<p>Tom Ristenpart, UC San Diego<\/p>\n<p>Virtual machines are widely used to, for example, support cloud computing services and improve home desktop security. In this talk I&#8217;ll present recent work on showing a new class of vulnerabilities, termed VM reset vulnerabilities, that arise due to reuse of VM snapshots. A snapshot is the saved state of a VM, which can include caches, memory, persistent storage, etc. A reset vulnerability occurs when resuming two or more times from the same VM snapshot exposes security bugs. I&#8217;ll report on our discovery of several reset vulnerabilities in modern browsers used within commonly-used VM managers. These vulnerabilities exploit weaknesses in cryptographic protocols when confronted with reused randomness. 
I&#8217;ll then explore a new framework of hedged cryptography, which aims to build into cryptographic protocols mechanisms that provide improved security in the face of reset (or other) vulnerabilities.<\/p>\n<p>Subspace LWE<\/p>\n<p>Krzysztof Pietrzak, CWI<\/p>\n<p>The (decisional) learning with errors (LWE) problem asks to<br \/>\ndistinguish &#8220;noisy&#8221; inner products of a secret vector with random<br \/>\nvectors from uniform. The presumed hardness of this and the related<br \/>\nlearning parity with noise (LPN) problem has found many applications<br \/>\nin cryptography. Its appeal stems from the fact that it is provably as<br \/>\nhard as well studied worst-case lattice problems [Regev&#8217;05].<\/p>\n<p>We introduce (seemingly) much stronger *adaptive* assumptions SLWE and<br \/>\nSLPN (S for &#8220;subspace&#8221;), where the adversary can learn inner products<br \/>\nof the secret and random vectors after they were projected into an<br \/>\nadaptively and adversarially chosen subspace. We prove that SLWE\/SLPN<br \/>\nmapping into subspaces of dimension N are almost as hard as the<br \/>\nstandard LWE\/LPN assumptions using secrets of length N.<\/p>\n<p>This implies that the standard LWE\/LPN problems are surprisingly<br \/>\nrobust with respect to tampering with the secret and\/or the randomness<br \/>\nused to generate the samples. This robustness directly translates to<br \/>\nstronger security guarantees (e.g. it implies security against a broad<br \/>\nclass of related-key attacks) one can give for cryptosystems proven<br \/>\nsecure under the standard LWE\/LPN assumptions.<\/p>\n<p>We also present a new very simple and efficient authentication<br \/>\nprotocol which is secure against active attacks under the SLPN (and<br \/>\nthus the standard LPN) assumption. 
Our protocol improves upon the HB+<br \/>\nprotocol [Juels and Weis&#8217;05],[Katz, Shin&#8217;05] (which is the best known<br \/>\nprotocol based on LPN achieving active security) in terms of round<br \/>\ncomplexity (optimal two rounds compared to three) and a tight security<br \/>\nreduction.<\/p>\n<p>Cryptography Against Continuous Memory Attacks<\/p>\n<p>Yevgeniy Dodis, New York University<\/p>\n<p>We say that a cryptographic scheme is Continuous Leakage-Resilient (CLR), if it allows users to refresh their secret keys, using only fresh local randomness, such that:<br \/>\n&#8212; The scheme remains functional after any number of key refreshes, although the public key never changes. Thus, the &#8220;outside world&#8221; is neither affected by these key refreshes, nor needs to know about their frequency.<br \/>\n&#8212; The scheme remains secure even if the adversary can continuously leak arbitrary information about the current secret-key of the system, as long as the amount of leaked information is bounded in between any two successive key refreshes. There is no bound on the total amount of information that can be leaked during the lifetime of the system.<br \/>\nIn this work, we construct a variety of practical CLR schemes, including CLR one-way relations, CLR signatures, CLR identification schemes, and CLR authenticated key agreement protocols. For each of the above, we give general constructions, and then show how to instantiate them efficiently using a well established assumption on bilinear groups, called the K-Linear assumption.<br \/>\nJoint work with Kristiyan Haralambiev and Adriana Lopez-Alt and Daniel Wichs. 
The extended abstract of the paper will appear at FOCS&#8217;10 and can be found at http:\/\/eprint.iacr.org\/2010\/196<\/p>\n<\/div>\n<p><!-- .asset-content --><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Virtual Machine Reset Vulnerabilities and Hedged Cryptography Tom Ristenpart, UC San Diego Virtual machines are widely used to, for example, support cloud computing services and improve home desktop security. In this talk I&#8217;ll present recent work on showing a new class of vulnerabilities, termed VM reset vulnerabilities, that arise due to reuse of VM snapshots. [&hellip;]<\/p>\n","protected":false},"featured_media":195710,"template":"","meta":{"msr-url-field":"","msr-podcast-episode":"","msrModifiedDate":"","msrModifiedDateEnabled":false,"ep_exclude_from_search":false,"_classifai_error":"","msr_hide_image_in_river":0,"footnotes":""},"research-area":[],"msr-video-type":[],"msr-locale":[268875],"msr-post-option":[],"msr-session-type":[],"msr-impact-theme":[],"msr-pillar":[],"msr-episode":[],"msr-research-theme":[],"class_list":["post-185227","msr-video","type-msr-video","status-publish","has-post-thumbnail","hentry","msr-locale-en_us"],"msr_download_urls":"","msr_external_url":"https:\/\/youtu.be\/cILgsAWC6b4","msr_secondary_video_url":"","msr_video_file":"","_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-video\/185227","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-video"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/types\/msr-video"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-video\/185227\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media\/195710"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media?parent=1
85227"}],"wp:term":[{"taxonomy":"msr-research-area","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/research-area?post=185227"},{"taxonomy":"msr-video-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-video-type?post=185227"},{"taxonomy":"msr-locale","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-locale?post=185227"},{"taxonomy":"msr-post-option","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-post-option?post=185227"},{"taxonomy":"msr-session-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-session-type?post=185227"},{"taxonomy":"msr-impact-theme","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-impact-theme?post=185227"},{"taxonomy":"msr-pillar","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-pillar?post=185227"},{"taxonomy":"msr-episode","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-episode?post=185227"},{"taxonomy":"msr-research-theme","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-theme?post=185227"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}